################################################################################
################################################################################
#                                                                              #
# Original patch by Ricardo Cerqueira <rmcc@clix.pt>                           #
#                                                                              #
# Updated by James Dennis <james@firstaidmusic.com> for openssh-3.7.1p2        #
#                                                                              #
# Updated by KANAI Makoto <kanai@nadmin.org> for FreeBSD ports                 #
#                                                                              #
# A patch to cause sshd to chroot when it encounters the magic token           #
# '/./' in a users home directory. The directory portion before the            #
# token is the directory to chroot() to, the portion after the                 #
# token is the user's home directory relative to the new root.                 #
#                                                                              #
# cd /usr/ports/security/openssh-portable                                      #
# make patch                                                                   #
# cd $WRKDIRPREFIX/usr/ports/security/openssh-portable/work                    #
# patch -p0 <this-patch                                                        #
# cd /usr/ports/security/openssh-portable                                      #
# make                                                                         #
#                                                                              #
################################################################################
################################################################################

diff -uNr openssh-3.7.1p2/session.c openssh-3.7.1p2-chroot/session.c
--- openssh-3.7.1p2/session.c	Tue Oct 28 01:14:34 2003
+++ openssh-3.7.1p2-chroot/session.c	Tue Oct 28 00:57:30 2003
@@ -58,6 +58,8 @@
 #include "session.h"
 #include "monitor_wrap.h"
 
+#define CHROOT
+
 #ifdef GSSAPI
 #include "ssh-gss.h"
 #endif
@@ -1382,8 +1384,18 @@
 
 /* Set login name, uid, gid, and groups. */
 void
+#ifdef CHROOT
+do_setusercontext(struct passwd *pw, char *user_dir, char *new_root, int dochroot)
+#else
 do_setusercontext(struct passwd *pw)
+#endif
 {
+
+#ifdef CHROOT
+	char *user_dir;
+	char *new_root;
+#endif /* CHROOT */
+
 #ifndef HAVE_CYGWIN
 	if (getuid() == 0 || geteuid() == 0)
 #endif /* HAVE_CYGWIN */
@@ -1398,10 +1410,30 @@
 		setpgid(0, 0);
 # endif
 		if (setusercontext(lc, pw, pw->pw_uid,
-		    (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH))) < 0) {
+		    (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
 			perror("unable to set user context");
 			exit(1);
 		}
+
+#ifdef CHROOT
+	       user_dir = xstrdup(pw->pw_dir);
+	       new_root = user_dir + 1;
+
+	       while((new_root = strchr(new_root, '.')) != NULL) {
+		   new_root--;
+		   if(strncmp(new_root, "/./", 3) == 0) {
+		       *new_root = '\0';
+		       new_root += 2;
+
+		       if(chroot(user_dir) != 0)
+			   fatal("Couldn't chroot to user directory % s", user_dir);
+			   pw->pw_dir = new_root;
+			   break;
+		       }
+		       new_root += 2;
+	       }
+#endif /* CHROOT */
+		permanently_set_uid(pw);
 #else
 # if defined(HAVE_GETLUID) && defined(HAVE_SETLUID)
 		/* Sets login uid for accounting */
@@ -1421,6 +1453,8 @@
 			exit(1);
 		}
 		endgrent();
+
+
 # ifdef USE_PAM
 		/*
 		 * PAM credentials may take the form of supplementary groups. 
@@ -1495,6 +1529,11 @@
 	struct passwd *pw = s->pw;
 	u_int i;
 
+#ifdef CHROOT
+	char *user_dir;
+	char *new_root;
+#endif /* CHROOT */
+
 	/* remove hostkey from the child's memory */
 	destroy_sensitive_data();
 
@@ -1517,7 +1556,11 @@
 			do_motd();
 #else /* HAVE_OSF_SIA */
 		do_nologin(pw);
+#ifdef CHROOT
+		do_setusercontext(pw, user_dir, new_root, 1);
+#else
 		do_setusercontext(pw);
+#endif
 #endif /* HAVE_OSF_SIA */
 	}
 
diff -uNr openssh-3.7.1p2/session.h openssh-3.7.1p2-chroot/session.h
--- openssh-3.7.1p2/session.h	Tue Aug 26 10:49:56 2003
+++ openssh-3.7.1p2-chroot/session.h	Tue Oct 28 00:58:44 2003
@@ -26,6 +26,8 @@
 #ifndef SESSION_H
 #define SESSION_H
 
+#define CHROOT
+
 #define TTYSZ 64
 typedef struct Session Session;
 struct Session {
@@ -67,7 +69,11 @@
 Session	*session_new(void);
 Session	*session_by_tty(char *);
 void	 session_close(Session *);
+#ifdef CHROOT
+void	 do_setusercontext(struct passwd *, char *user_dir, char *new_root, int dochroot);
+#else
 void	 do_setusercontext(struct passwd *);
+#endif
 void	 child_set_env(char ***envp, u_int *envsizep, const char *name,
 		       const char *value);
 
diff -uNr openssh-3.7.1p2/sshd.c openssh-3.7.1p2-chroot/sshd.c
--- openssh-3.7.1p2/sshd.c	Tue Oct 28 01:14:34 2003
+++ openssh-3.7.1p2-chroot/sshd.c	Tue Oct 28 01:04:19 2003
@@ -100,6 +100,8 @@
 #define O_NOCTTY	0
 #endif
 
+#define CHROOT
+
 #ifdef HAVE___PROGNAME
 extern char *__progname;
 #else
@@ -673,7 +675,11 @@
 	demote_sensitive_data();
 
 	/* Drop privileges */
+#ifdef CHROOT
+	do_setusercontext(authctxt->pw, NULL, NULL, 0);
+#else
 	do_setusercontext(authctxt->pw);
+#endif
 
 	/* It is safe now to apply the key state */
 	monitor_apply_keystate(pmonitor);